THREAT

Path Traversal (Agent)

directory traversal · ../../../ escalation · agent filesystem access

Path traversal in agentic AI occurs when an agent's filesystem-access tools are manipulated to access files and directories outside their intended scope, exposing credentials or application secrets.

ADVERSARIAL MECHANICS

An injected instruction passes a relative path containing traversal sequences (../../../../etc/passwd) to a read_file tool. Encoded variants (double-encoding, Unicode normalization) are used to defeat naive string-matching defenses that look for a literal "../".

PROTOCOL CONTEXT (MCP FILESYSTEM TOOLS)

MCP's filesystem server tools are designed to be scoped to a root. However, this scoping is advisory: it holds only as far as the tool server's own validation does. McpVanguard provides mandatory enforcement at the proxy layer, independent of the tool server's own validation.

ProvnAI Mitigation

McpVanguard normalizes all path parameters before evaluation, resolving encoded characters, symlinks, and relative sequences to their absolute form. Any path outside the declared root is blocked deterministically.
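The normalize-then-confine check described above, written as an added Python example (not McpVanguard's own code): percent-decoding and NFKC normalization are repeated until the string stops changing, the result is resolved with symlinks followed, and the real target must share the real root as its common path. The `demo()` sandbox, the request strings and the `PathRejected` name are constructed for illustration and assume a POSIX filesystem where symlinks can be created.

```python
import os
import tempfile
import unicodedata
from urllib.parse import unquote

class PathRejected(Exception):
    """Raised when a tool's path argument cannot be confined to the declared root."""

def canonicalize_text(raw: str, max_rounds: int = 5) -> str:
    """Percent-decode and NFKC-normalize until the string stops changing, so
    double-encoding ('..%252F') and fullwidth look-alikes collapse to '../'."""
    text = raw
    for _ in range(max_rounds):
        nxt = unicodedata.normalize("NFKC", unquote(text))
        if nxt == text:
            return nxt
        text = nxt
    raise PathRejected(f"{raw!r} did not stabilise after {max_rounds} rounds")

def resolve_within_root(root: str, raw_path: str) -> str:
    """Resolve raw_path against root (symlinks followed); the real target must stay inside the real root."""
    root_real = os.path.realpath(root)
    candidate = canonicalize_text(raw_path)
    if not os.path.isabs(candidate):
        candidate = os.path.join(root_real, candidate)
    target = os.path.realpath(candidate)
    # commonpath, not startswith: '/srv/data2' must not pass for root '/srv/data'
    if os.path.commonpath([root_real, target]) != root_real:
        raise PathRejected(f"{raw_path!r} resolves to {target!r}, outside {root_real!r}")
    return target

def demo() -> dict:
    """Constructed sandbox: a root, a secret outside it, and a symlink inside the root pointing at it."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "workspace")
    os.makedirs(os.path.join(root, "notes"))
    with open(os.path.join(base, "secret.txt"), "w") as f: f.write("constructed secret\n")
    with open(os.path.join(root, "notes", "todo.md"), "w") as f: f.write("constructed note\n")
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link_to_secret"))
    requests = ["notes/todo.md", "notes/../notes/todo.md", "../secret.txt", "..%2Fsecret.txt",
                "..%252Fsecret.txt", "\uff0e\uff0e\uff0fsecret.txt", "link_to_secret", "/etc/passwd"]
    results = {}  # request -> allowed?
    for req in requests:
        try:
            resolve_within_root(root, req)
            results[req] = True
        except PathRejected:
            results[req] = False
    return results
```

Only the two in-root requests are allowed; every traversal, encoded traversal, escaping symlink and absolute path is rejected. The decode step assumes the tool argument may arrive percent-encoded; where the protocol never encodes, a literal "%" in a filename would be altered, so apply decoding only where encoding is actually expected.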